- my webspace

- my webspace

Tweets..

Latest Comment

Why I must believe in GOD
Testing time is almost passed..there are many colours in lif...
27/06/12 08:43 More...
By Tarun Shekhawat

Allama Iqbal - Selective verse...
Yahoouj
Really good work about this website was done. Keep trying mo...
07/03/10 22:04 More...
By Roderick

Allama Iqbal - Selective verse...
Great Job
You have dont a great job of collecting these... Even I had ...
25/08/09 08:01 More...
By Sikandar

O ye who don't believe !
It's like Lehman Brothers :grin
11/10/08 17:31 More...
By anurag Chaturvedi

I Protest
@Sikku
Thanks Sikku for the feedback. I never intend to blame, a...
29/07/08 18:06 More...
By Aminur Rashid

Login






Lost Password?
Home arrow Java arrow Prevent reflection to access private methods and members in java classes
Prevent reflection to access private methods and members in java classes PDF Print E-mail
User Rating: / 1
PoorBest 
Written by Aminur Rashid   
Thursday, 26 March 2009

Reflection is a nice evil. It can let you access private method/fields/constructor of a class.
import java.lang.reflect.Field;

public class UseReflection {
	public static void main(String args[]) {
		Object prey = new Prey();
		try {
			Field pf = prey.getClass().getDeclaredField("privateString");
			pf.setAccessible(true);
			pf.set(prey, "Aminur test");
			System.out.println(pf.get(prey));
		} catch (Exception e) {
			System.err.println("Caught exception " + e.toString());
		}

	}
}

class Prey {
	private String privateString = "privateValue";
}

Now in case you are wondering, that makes my class vulnerable to be modified, yes you are right. But then there is a way to prevent the caller from changing the modifier/changing the accessor. The easiest thing is to use the SecurityManager. Run the programme again using the default securitymanager provided by Java
 
java -Djava.security.manager UseReflection

For more on DefaultPolicy Implementation, you may want to read the document at sun.

Another way to do is to write your own security manager, you must create a subclass of the SecurityManager class. Once you are done with your security manager, you can install it as the current security manager for your Java application. You do this with the setSecurityManager() method from the System class. You can set the security manager for your application only once. In other words, your Java application can invoke System.setSecurityManager() only one time during its lifetime. Any subsequent attempt to install a security manager within a Java application will result in a SecurityException.

import java.lang.reflect.Field;
import java.security.Permission;

public class UseReflection {
	static{
    	try {
    	    System.setSecurityManager(new MySecurityManager());
    	} catch (SecurityException se) {
    	    System.out.println("SecurityManager already set!");
    	}

    }
	public static void main(String args[]) {
		Object prey = new Prey();
		try {
			Field pf = prey.getClass().getDeclaredField("privateString");
			pf.setAccessible(true);
			pf.set(prey, "Aminur test");
			System.out.println(pf.get(prey));
		} catch (Exception e) {
			System.err.println("Caught exception " + e.toString());
		}

	}
}

class Prey {
	private String privateString = "privateValue";
}

class MySecurityManager extends SecurityManager {
	 public void checkPermission(Permission perm) {
		 if(perm.getName().equals("suppressAccessChecks")){
			 throw new SecurityException("Can not change the permission dude.!");
		 }
            
	 }
}


StumbleUponDigg This!Bookmark on Delicious

Add as favourites (218) | Quote this article on your site | Views: 1046 | E-mail

Be first to comment this article
RSS comments

Only registered users can write comments.
Please login or register.

Last Updated ( Thursday, 26 March 2009 )
 
< Prev
Aminur Rashid